In the Claims: 

Please amend Claims 57, 63, 72 and 81, all as shown below. Applicant respectfully reserves the 
right to prosecute any originally presented or canceled claims in a continuing or future application. This 
listing of claims will replace all prior versions, and listings, of claims in the application. 

Listing of Claims 

1-56. (Canceled) 

57. (Currently Amended) A system for maintaining security in a distributed computing environment, 
comprising: 

a policy manager located on a server for: 

creating a local security policy derived from a global security policy, said global security 
policy including a plurality of rules applicable to all application guards in the system, wherein creating 
the local security policy includes selecting a subset of the plurality of rules of the global security policy, 
said subset being applicable to a specific application guard at a client; and for 

distributing the local security policy to said client wherein the local security policy 
includes the subset of rules customized to the client, said subset of rules including a set of grant rules that 
allow access to securable components and a set of deny rules that prevent access to said securable 
components; and 

an application guard located at the client for managing access by individual transactions to 
securable components at a client level as specified by the local security policy, the securable components 
including at least one application wherein said application guard is integrated into said application and 
controls access to the application with which the application guard is integrated ; 

wherein the application guard receives an authorization request including a subject, an object and 
a privilege and evaluates said request by matching the subset of rules received from the policy manager to 
said subject, said object and said privilege in order to control access to said application integrated with the 
application guard securable components . 

58. (Previously presented) The system of Claim 57 wherein said securable components further 
include a function within the application as specified by the security policy. 
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59. (Withdrawn) The system of Claim 57 including a procedure within the application as specified by 
the security policy. 

60. (Withdrawn) The system of Claim 57 including a data structure within the application as 
specified by the security policy. 

61. (Withdrawn) The system of Claim 57 including a database object referenced by the application as 
specified by the security policy. 

62. (Withdrawn) The system of Claim 57 including a file system object referenced by the application 
as specified by the security policy. 

63. (Currently amended) A method for maintaining security in a distributed computing environment, 
comprising: 

receiving a global security policy that includes a plurality of rules for regulating access to 
securable components in the system, the securable components including at least one application wherein 
said rules of the global security policy apply to all application guards in the distributed computing 
environment; 

creating a local security policy via a policy manager located on a server, the local security policy 
including a plurality of rules customized to a client wherein creating the local security policy includes 
customizing the local security policy by selecting a subset of rules from the global security policy that is 
applicable to a specific application guard located on the client; 

distributing the local security policy to the client; and 

receiving an authorization request by the application guard, the authorization request including a 
subject, an object and a privilege wherein said application guard is integrated into said applicatio n and 
controls access to the application with which the application guard is integrated ; 

managing access as specified by the local security policy via the application guard located at the 
client to securable components wherein managing access includes comparing the subject, object and 
privilege to the subset of rules of the local security policy. 

64. (Previously presented) The method of Claim 63 wherein the securable components include a 
function within the application as specified by the security policy. 
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65. (Withdrawn) The method of Claim 63 including a procedure within the application as specified 
by the security policy. 

66. (Withdrawn) The method of Claim 63 including a data structure within the application as 
specified by the security policy. 

67. (Withdrawn) The method of Claim 63 including a database object referenced by the application 
as specified by the security policy. 

68. (Withdrawn) The method of Claim 63 including a file system object referenced by the application 
as specified by the security policy. 

69-71. (Canceled). 

72. (Currently amended) A method for maintaining security in a distributed computing environment, 
comprising the steps of: 

receiving a global security policy that includes a plurality of rules for regulating access to 
securable components in the system, the securable components including at least one application wherein 
said rules of the global security policy apply to all application guards in the distributed computing 
environment; 

providing a policy manager located on a server to create a local security policy including a 
plurality of rules customized to a client wherein creating the local security policy includes customizing 
the local security policy by selecting a subset of rules from the global security policy that is applicable to 
a specific application guard located on the client; 

distributing the local security policy to the client; 

providing an application guard located at the client to manage access to securable components at 
a client level as specified by the local security policy, said application guard being integrated into said 
application and controlling access to the application with which the application guard is integrated ; 

receiving an authorization request by the application guard, said authorization request including a 
subject, an object and a privilege; and 

controlling access to the securable components by matching the subject, object and privilege to 
the subset of the rules by the application guard. 
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73. (Previously Presented) The method of Claim 72 wherein the securable components include a 
function within the application as specified by the security policy. 

74. (Withdrawn) The method of Claim 72 including a procedure within the application as specified 
by the security policy. 

75. (Withdrawn) The method of Claim 72 including a data structure within the application as 
specified by the security policy. 

76. (Withdrawn) The method of Claim 72 including a database object referenced by the application 
as specified by the security policy. 

77. (Withdrawn) The method of Claim 72 including a file system object referenced by the application 
as specified by the security policy. 

78-80. (Previously Canceled). 

81. (Currently Amended) A computer readable storage medium having stored thereon a set of 
instructions to execute a method for maintaining security in a distributed computing environment 
comprising the steps of: 

receiving a global security policy that includes a plurality of rules for regulating access to 
securable components in the system, the securable components including at least one application wherein 
said rules of the global security policy apply to all application guards in the distributed computing 
environment; 

creating a local security policy via a policy manager located on a server, the local security policy 
including a plurality of rules customized to a client wherein creating the local security policyjncludes 
customizing the local security policy by selecting a subset of rules from the global security policy that is 
applicable to an application guard located on the client; 

distributing the local security policy to the client; and 

receiving an access request by the application guard, said access request including a subject, an 
object and a privilege wherein said application guard is integrated into said application and controls 
access to the application with which the application guard is integrated ; 
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matching the access request to at least one rule selected from the subset of the rules in order to 
manage access as specified by the local security policy via the application guard located at the client to 
securable components. 

82. (Previously Presented) The computer readable storage medium of Claim 81 wherein the securable 
components include a function within the application as specified by the security policy. 

83. (Withdrawn) The computer readable storage medium of Claim 81 including a procedure within 
the application as specified by the security policy. 

84. (Withdrawn) The computer readable storage medium of Claim 8 1 including a data structure within 
the application as specified by the security policy. 

85. (Withdrawn) The computer readable storage medium of Claim 81 including a database object 
referenced by the application as specified by the security policy. 

86. (Withdrawn) The computer readable storage medium of Claim 81 including a file system object 
referenced by the application as specified by the security policy. 

87-89. (Previously Canceled). 

90. (Previously Presented) The system of claim 57, wherein the application guard further allows for 
additional customized code to process and evaluate authorization requests based on the additional 
customized code. 

91. (Previously Presented) The system of claim 90, wherein the global policy specifies access 
privileges of a user to securable components. 

92. (Previously Presented) The method of claim 72, wherein the application guard further allows for 
additional customized code to process and evaluate authorization requests based on the additional 
customized code. 

93. (Previously Presented) The method of claim 92, wherein the global policy specifies access 
privileges of a user to securable components. 
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94. (Previously Presented) The computer readable storage medium of claim 81, wherein the 
application guard further allows for additional customized code to process and evaluate authorization 
requests based on the additional customized code. 

95. (Previously Presented) The computer readable storage medium of claim 94, wherein the global 
policy specifies access privileges of a user to securable components. 
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